This invention relates to integrated circuit (IC) cards, such as smart cards, PC cards, and the like, which are capable of being used for multiple different applications. This invention further relates to systems and methods for initializing, configuring, and managing various resources maintained on the IC cards. This invention also relates to the secure management and transportation of cryptographic-related resources, such as keys and certificates, from one location to another.
Computers are playing an ever increasing role in day-to-day personal management. Individual users keep appointment schedules, track bank and credit card accounts, manage investment portfolios, reserve travel accommodations, transact business, order products, and submit payment all electronically from their own computers. This revolution is being spawned by the combined phenomenon of rapid and wide deployment of personal computers in both business and home environments, explosive growth in interconnecting these personal computers to networks and online services, and dramatic increase in the deployment of retail terminals or kiosks based on PC technology.
As part of this trend, businesses have identified significant opportunities for electronic commerce, not only with other businesses, but also through direct access to the consumer. Merchants are selling wares in an electronic marketplace which enable users to shop and purchase goods using their computer. For instance, many merchants are developing web sites that allow users to browse products over the Internet. Payment and settlement following any purchase are likewise handled electronically among the merchants, their banks, any credit companies, and the purchasers"" banks.
One consequence of this revolution is a growing demand for high data security and for high assurance in user identification and authentication. In an electronic marketplace, there is no face-to-face transaction in which security is ensured by the presence of both parties and authentication of the consumer involves personal recognition or quick verification of a corroborating piece of identification (i.e., a credit card or a driver""s license). Rather, in an electronic arena, the consumer might live in one state or country, while the merchant resides in another, and the two parties never meet in person.
For an electronic marketplace to flourish, consumers and merchants must believe that information being exchanged between them is secure. They must also trust that the other party is legitimate. Moreover, each party must also have some assurance that the information received from the other party did in fact originate at the other party (and not an impostor) and that the information has not been subsequently altered or tampered with by an intruder. Accordingly, security, identification, authentication, and information validity are important to the full development and acceptance of an electronic marketplace. Furthermore, these capabilities must be readily portable by the end user in a manner which facilitates access to the electronic marketplace from a variety of locations.
Even outside of the commerce environment, the same themes of security, identification, authentication, and validity are becoming more important as reliance on computer networks increases. In modern network environments, identification and authentication are commonly used in access protocols aimed at preventing unauthorized users from gaining access to resources and services provided by the network. Typically, a user identifies himself or herself to a computer using a login dialog in which the user enters a descriptive and secret code name. The authentication process running on the computer validates the user based upon this confidential code name. Once validated, the user is free to roam the computer and network for resources and services. Unfortunately, the password authentication process often falls short of providing adequate security or user authentication. The password protocol, by itself, is well known to be weak and conducive to successful illegitimate attacks.
The problems inherent in password approaches has given rise to a variety of products which perform user authentication. Such products typically employ cryptographic technology in combination with hardware token devices. These token devices are typically pre-configured by the manufacturer and delivered to the user and replace the login password with a more robust and difficult to attack challenge-response protocol. While this technology is adequate for access control on an enterprise network (i.e., a local network for a business or other entity), it is not particularly scalable to public networks used by a large user population. This is the result of reliance on a centralized access control server which has knowledge of all the tokens issued to valid users.
Another problem which existing hardware tokens has been generation and management of key values.xe2x80x9cKeysxe2x80x9d are a numerical value, often expressed digitally as a number of bits, which are used in cryptographic algorithms that encrypt and decrypt messages. The keys are uniquely associated with a particular identity, such as a user or a computer. Configuring millions of devices, each with its own unique keys, would be a huge processing task for the manufacturer, resulting in a significant increase in the cost of the hardware device. From a security standpoint, another problem is that the manufacturer becomes a centralized point of attack in which bandits can covertly attempt to steal private key information. Another problem concerns replacement of keys. Once a key has exhausted it useful life, the manufacturer must either issue new devices with new keys or reconfigure old devices to change the keys. Once again, this is an extremely difficult, expensive, and inefficient task in a large scale system.
Accordingly, there is a need to develop an open identification and authentication architecture that does not rely on proprietary or customized hardware devices.
In addition to identification and authentication, the electronic arena also requires secure data transmission over an insecure public network (e.g., the Internet). Cryptography has evolved in the electronic setting as a means to securely transfer information over a communication system that is presumed to be insecure. Cryptography provides the necessary tools to digitally secure sensitive and valuable electronic messages in a manner that insures privacy between the sender and recipient of the communique, even though the message is subject to interception on the insecure communication system.
Through use of both public key (or asymmetric key) cryptography combined with secret key (or symmetric key) cryptography it is possible to address the above requirements. To initiate a secure electronic transaction between two individuals, one can use an authentication protocol based on public key cryptography. This protocol will result in the exchange of public key certificates and data encrypted with a private authentication key between the two users. The certificates contain a party""s identification, the party""s public keys (typically both a authentication or signature key and a key exchange key will be used), and is digitally signed by a trusted certifying authority. Upon receipt of the certificate, each party validates the certifying authority""s signature (using their publicly available key). They can then use the public key in the certificate to validate the authentication data provided by the other party, which was encrypted with their private key. Once the validation is complete, they have high assurance they are in communication with the individual named in the certificate.
To securely exchange messages they can use a combination of both public and secret key cryptography. To send a secure message, the sender will generate a secret key and use this to encrypt the message using a secret key algorithm. Encryption transforms the message from plaintext into some meaningless ciphertext that is not understandable in its raw form and cannot be deciphered by an eavesdropper. The secret key is then encrypted using the recipients public key exchange key. Both the encrypted key and encrypted message are then sent to the recipient. Furthermore, to ensure that the message is not altered in any way, or replaced, the sender may also digitally sign the message using their private signing key.
Upon receipt of the signed encrypted message, the recipient first decrypts the secret key using their private key exchange key. They can then decrypt the message using the secret key and the same secret key algorithm which transforms the message from its ciphertext back to its plaintext. Only the recipient is presumed to have the ability to decipher the message since only the recipient has possession of its private exchange key. The recipient verifies the authenticity of the sender""s digital signature using the originator""s public signing key (which it received in the originator""s certificate) to assure itself that the contents are from the legitimate sender and have not been subsequently altered.
Encryption, decryption, digital signing, and verification are therefore the principal cryptographic primitives that are used in an electronic network setting to facilitate the security, privacy, authenticity, and integrity of information being exchanged.
The secure information exchange is jeopardized, however, if the private keys are discovered through theft or user mishandling. The private keys must be kept confidential to ensure security. However, in the computerized network setting, there are potential hazards of using private keys in the cryptographic functions within available personal computers or workstations. Since the functions are carried out electronically, the user might assume the cryptographic routines are operating as expected, yet not be aware of ignorant or sophisticated electronic attacks. Careless applications might use cryptographic exchange or signature keys in ways that jeopardize the key""s secrecy. Moreover, malicious applications might even deliberately compromise the user""s secrecy, or worse, perform unauthorized cryptographic operations. For instance, a malicious application might attempt to decrypt the user""s secret files and transmit them to some adverse party. Another situation might involve an application attempting to digitally sign notes or IOUs on behalf of the user without the user""s knowledge or consent. A computer implemented cryptographic system must therefore provide the needed security to prevent attack from poorly devised or malicious applications.
Today, there are several electronic systems that provide cryptographic services in the computer forum. These includexe2x80x9cBsafe librariesxe2x80x9d by RSA Data Security Inc.,xe2x80x9cX/Open CAPIxe2x80x9d, andxe2x80x9cPKCS#xe2x80x9d. However, each of these systems permit direct access of the application to the keying material. There is no protection of these cryptographic resources from electronic attack. Furthermore, the Bsafe system, which is the most widely used cryptography system, directly attaches the cryptographic code to the application. There is no contemplation of protecting the keys from ignorant or malicious attacks from other software applications.
Accordingly, there is a need to a develop a system that empowers the user with the tools to securely store and manage cryptographic keys and certificates along with critical application data used with these assets to conduct electronic transactions. Simply keeping private keys stored in the user""s computer may not adequately protect them from such malicious applications that attempt to locate and expose the user""s private keys. Moreover, designing specific hardware/software solutions for every data exchange application is not particularly useful or workable for a broad public system with millions of users.
Ideally, it is desirable to develop a platform which supports a variety of different applications that a user might undertake. For instance, it would be convenient and efficient for the same platform to be used in conducting electronic commerce over a network, or authenticating a user for point-of-sale transactions, or managing a user""s banking and financial matters, or any other electronic application. Most of these applications require access to the user""s certificates and keys. However, these different applications typically involve interaction with different computers, such as the user""s own computer, an employer""s computer, a banking ATM, an electronic ticketing machine, and so on.
To support multiple applications, the platform must enable a user to transport certificates and keys from one application to another in a secure manner. This would permit the user, for example, to gain access to his/her bank accounts in a banking context, to exchange information with a colleague electronically over a public network in a secure manner, and to digitally sign a purchase order in an electronic shopping context. It is inadequate to transport the certificates and keys on a memory disk as theft of the disk would compromise the keys. Even encrypting the keys before loading them onto the memory disk would not prove helpful because the keys would eventually be decrypted at some time in the future to perform a cryptographic function. This always leaves a point where the private keys are available in unencrypted format and thus, exposed to copying or unauthorized use.
Accordingly, another design goal is to provide a multi-application platform which offers secure storage and transportation of private keys for use in different application contexts, without jeopardizing or exposing the private keys. Given these goals, there are countervailing concerns that any solution be cost effective, highly reliable, and difficult to compromise from a security standpoint, yet readily tailorable to a user""s needs and preferences.
This invention provides a uniform platform for conducting electronic transactions in multiple different environments. The platform is based upon use of a portable, multi-purpose, integrated circuit (IC) card and complimentary computer software which enables user access and management of resources maintained on the IC card. The software runs oh a user""s personal computer, empowering the user to initialize the IC card, configure the card with the resources that the user wants to maintain on the card, and to manage those resources. The software enables the user to generate private/public key pairs and establish or change passcodes for access to the card resources. The IC card itself provides the electronic vehicle for securely transporting the user""s private keys and certificates without exposing them in plaintext form. The IC card is designed with enough processing capabilities to perform rudimentary cryptographic functions so that the private keys may be employed for signing, encryption, and decryption without ever being exported from the card.
More particularly, one aspect of this invention pertains to a system having a multi-purpose IC card, a card reader which interfaces with the IC card to transfer information to and from the IC card, and a computer coupled to the card reader to control the information transfer between the card reader and the IC card. As an example implementation, the system can be implemented as a home computer, equipped with a card reader, and a generic smart card owned by the user.
The system further includes various applications which execute on the computer, or more specifically, which run on the computer""s operating system. For example, the applications might include a banking application, which organizes the user""s finances in conjunction with a particular bank; or an electronic commerce application, which allows the user to shop and purchase products over a public network; or a travel application, which permits the user to make vacation reservations; or an entertainment application, which enables the user to purchase tickets for entertainment events; or a gatekeeper application, which oversees access onto the network of the user""s employer. In any one of these contexts, the application might require access to certain resources maintained on the IC card.
The system further includes an application interface which executes on the computer to implement each application and to provide services which facilitate access to the resources on the IC card that are requested by the application. The application interface is preferably implemented as a service layer for the operating system, and is securely integrated with the operating system via mutual authentication procedures. The application interface supports three distinct types of services. These include (1) configuration services which permit a user to initialize and configure the IC card with those resources tailored to the user""s preferences, (2) security services which enable access to the cryptographic functionality on the IC card, and (3) resource management services which permit the user to manage the storage provided by the IC card.
In one implementation, the application interface comprises a cryptographic services module and a card management services module. The cryptographic services module implements cryptographic functionality for the application. The cryptographic services module uses cryptographic resources maintained on the IC card and supplements this with software services. When the application requests a cryptographic function, the cryptographic services module communicates with the IC card to have the IC card support the cryptographic function. The IC card lends support without exposing the cryptographic resources maintained thereon. As an example, if the application requests a digital signature on a message, the application calls the cryptographic services module to hash the message to produce a digest and passes the message digest to the IC card. The IC card then digitally signs the digest using the user""s private signing key and returns the signed digest to the application interface without exposing the signing key. The IC card can also assist in encryption, decryption, and authentication.
The card management services module implements the administration functionality for the application for managing resources maintained on the IC card. When the application requests performance of an administrative task on the IC card, the card management services module communicates with the IC card to perform the administrative task requested by the application. For example, the card management services module might support administrative tasks such as initialization of the IC card, generation of cryptographic keys, passcode configuration, and management of the IC card storage capabilities to hold certificates, and assets.
Another aspect of this invention is a card manager user interface (UI) which presents different graphical dialog screens to assist the user in managing her card resources. The card manager UI is very valuable from a usability standpoint. It provides a consistent presentation and method for managing the IC card resources which is independent of the applications being supported. The card manager UI allows the user to examine the resources of the card by using icon representations of the resources. The user can configure his/her card to add or remove resources simply by manipulating the graphical icons. The card manager UI also enables the user to initialize the IC card, and change passcodes for accessing the IC card.
Another aspect of this invention concerns the IC card itself. The integrated circuit (IC) card has a processor, a data I/O port controlled by the processor to receive and output data, a RAM, a ROM, and a programmable data memory is (example EEPROM or Flash memory). Such cards are available from multiple sources and in several form factors. Card-based software supports the functionality required, and interfaces, provided by the software running on the PC. This card software provides for programmable data memory partitioned into a public storage and a private storage. Confidential information, such as private keys, are maintained in the private storage. Non-confidential user information, such as standard medical data, can be kept in the public storage. The processor is configured to access the private storage of the data memory only after the processor verifies a passcode supplied by the user. Conversely, the processor is configured to access the public storage and output its contents without requiring receipt and verification of the user passcode. The partitioned storage and access protocol promote security of the cryptographic keys.